diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..be79709 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,110 @@ +{ + "extends": [ + ":separateMajorReleases", + ":ignoreUnstable", + ":prImmediately", + ":updateNotScheduled", + ":automergeDisabled", + ":disableRateLimiting", + ":ignoreModulesAndTests", + ":autodetectPinVersions", + ":gitSignOff", + "group:monorepos", + "group:recommended", + "helpers:disableTypesNodeMajor", + "workarounds:all", + ":automergeDigest", + ":automergePatch", + ":automergeMinor", + ":dependencyDashboard" + ], + "baseBranches": ["main"], + "enabledManagers": [ "helmv3", "regex"], + "semanticCommits": "enabled", + "automergeType": "pr-comment", + "automergeComment": "renovate:merge", + "helmv3": { + "enabled": true, + "fileMatch": ["(^|/)helm-dependencies.yaml$"] + }, + "customManagers": [ + { + "customType": "regex", + "datasourceTemplate": "docker", + "fileMatch": ["(^|/)helm-dependencies.yaml$"], + "matchStrings": [ + "name:\\n.*repository:\\s(?.*).*\\n.*\\n.*\\n.*tag:\\s(?.*)" + ] + } + ], + "reviewersFromCodeOwners": true, + "prHourlyLimit": 0, + "ignoreDeps": [ + "admiralty", + "secrets-store-csi-driver", + "aws-for-fluent-bit", + "aws-node-termination-handler", + "aws-calico", + "cert-manager-csi-driver", + "flux", + "istio-operator", + "k8gb", + "karma", + "keda", + "keycloak", + "kong", + "kyverno", + "kyverno-crds", + "linkerd2", + "linkerd2-cni", + "linkerd-viz", + "prometheus-adapter", + "prometheus-cloudwatch-exporter", + "prometheus-blackbox-exporter", + "rabbitmq-cluster-operator", + "scaleway-webhook", + "sealed-secrets", + "strimzi-kafka-operator", + "thanos", + "tigera-operator", + "traefik", + "memcached", + "vault", + "velero", + "victoria-metrics-k8s-stack" + ], + "packageRules": [ + { + "matchManagers": ["github-actions"], + "semanticCommitScope": "ci", + "semanticCommitType": "chore" + }, + { + "matchManagers": ["pre-commit"], + "semanticCommitScope": "ci", + "semanticCommitType": "chore" + }, + { + "matchManagers": ["helmv3"], + "semanticCommitScope": "charts", + "semanticCommitType": "fix", + "matchUpdateTypes": ["patch", "digest"] + }, + { + "matchManagers": ["helmv3"], + "semanticCommitScope": "charts", + "semanticCommitType": "feat", + "matchUpdateTypes": ["major", "minor"] + }, + { + "matchManagers": ["terraform"], + "semanticCommitScope": "tf", + "semanticCommitType": "feat", + "automerge": false + }, + { + "matchDatasources": ["docker"], + "versioning": "semver-coerced" + } + ] +} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml new file mode 100644 index 0000000..595a980 --- /dev/null +++ b/.github/workflows/pre-commit.yml @@ -0,0 +1,29 @@ +name: 'terraform-kubernetes-addons' + +on: + pull_request: + branches: + - main + paths: + - '.github/*' + +jobs: + renovate-run: + name: 'renovate:config' + if: github.ref != 'refs/heads/release' + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 + + - uses: actions/setup-node@v3 + with: + node-version: '18' + check-latest: true + + - name: Install Renovate + run: npm install -g renovate + + - name: Check Renovate configuraton + run: renovate-config-validator diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml new file mode 100644 index 0000000..232e94c --- /dev/null +++ b/helm-dependencies.yaml @@ -0,0 +1,592 @@ +apiVersion: v2 +dependencies: +- name: admiralty + repository: https://charts.admiralty.io + version: 0.13.2 +- name: secrets-store-csi-driver + repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts + version: 1.3.4 +- containers: + image: + name: + repository: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver + source: public.ecr.aws/ebs-csi-driver + ver: + tag: v1.21.0 + sidecars.attacher.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher + source: public.ecr.aws/eks-distro + ver: + tag: v4.3.0-eks-1-27-8 + sidecars.csiProvisioner.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner + source: public.ecr.aws/eks-distro + ver: + tag: v3.5.0-eks-1-27-8 + sidecars.livenessProbe.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe + source: public.ecr.aws/eks-distro + ver: + tag: v2.10.0-eks-1-27-8 + sidecars.nodeDriverRegistrar.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar + source: public.ecr.aws/eks-distro + ver: + tag: v2.8.0-eks-1-27-8 + sidecars.provisioner.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner + source: public.ecr.aws/eks-distro + ver: + tag: v3.5.0-eks-1-27-8 + sidecars.resizer.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer + source: public.ecr.aws/eks-distro + ver: + tag: v1.8.0-eks-1-27-8 + sidecars.snapshotter.image: + name: + repository: k8s.gcr.io/sig-storage/csi-snapshotter + source: k8s.gcr.io/sig-storage + ver: + tag: v6.2.1 + name: aws-ebs-csi-driver + repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver + version: 2.21.0 +- containers: + image: + name: + repository: docker.io/amazon/aws-efs-csi-driver + source: docker.io/amazon + ver: + tag: v1.5.8 + sidecars.csiProvisioner.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner + source: public.ecr.aws/eks-distro + ver: + tag: v3.5.0-eks-1-27-8 + sidecars.livenessProbe.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe + source: public.ecr.aws/eks-distro + ver: + tag: v2.10.0-eks-1-27-8 + sidecars.nodeDriverRegistrar.image: + name: + repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar + source: public.ecr.aws/eks-distro + ver: + tag: v2.8.0-eks-1-27-8 + name: aws-efs-csi-driver + repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver + version: 2.4.7 +- name: aws-for-fluent-bit + repository: https://aws.github.io/eks-charts + version: 0.1.28 +- containers: + image: + name: + repository: public.ecr.aws/eks/aws-load-balancer-controller + source: public.ecr.aws/eks + ver: + tag: v2.5.4 + name: aws-load-balancer-controller + repository: https://aws.github.io/eks-charts + version: 1.6.1 +- name: aws-node-termination-handler + repository: https://aws.github.io/eks-charts + version: 0.21.0 +- name: aws-calico + repository: https://aws.github.io/eks-charts + version: 0.3.11 +- containers: + acmesolver.image: + name: + repository: quay.io/jetstack/cert-manager-acmesolver + source: quay.io/jetstack + ver: + tag: v1.12.1 + cainjector.image: + name: + repository: quay.io/jetstack/cert-manager-cainjector + source: quay.io/jetstack + ver: + tag: v1.12.1 + extraArgs.acme-http01-solver-image: + manager: extra + name: + repository: quay.io/jetstack/cert-manager-acmesolver + source: quay.io/jetstack + ver: + tag: v1.12.1 + gateway-api-admission.create_or_patch: + manager: kustomize + name: + repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen + source: k8s.gcr.io/ingress-nginx + ver: + tag: v1.3.0 + gateway-api-admission.webhook: + manager: kustomize + name: + repository: gcr.io/k8s-staging-gateway-api/admission-server + source: gcr.io + ver: + tag: v0.7.1 + image: + name: + repository: quay.io/jetstack/cert-manager-controller + source: quay.io/jetstack + ver: + tag: v1.12.1 + startupapicheck.image: + name: + repository: quay.io/jetstack/cert-manager-ctl + source: quay.io/jetstack + ver: + tag: v1.12.1 + webhook.image: + name: + repository: quay.io/jetstack/cert-manager-webhook + source: quay.io/jetstack + ver: + tag: v1.12.1 + name: cert-manager + manifests_version: v0.5.1 + repository: https://charts.jetstack.io + version: v1.12.2 +- name: cert-manager-csi-driver + repository: https://charts.jetstack.io + version: v0.5.0 +- containers: + image: + name: + repository: k8s.gcr.io/autoscaling/cluster-autoscaler + source: k8s.gcr.io/autoscaling + ver: + tag: v1.26.2 + name: cluster-autoscaler + repository: https://kubernetes.github.io/autoscaler + version: 9.29.1 +- containers: + image: + name: + repository: k8s.gcr.io/external-dns/external-dns + source: k8s.gcr.io/external-dns + ver: + tag: v0.13.4 + name: external-dns + repository: https://kubernetes-sigs.github.io/external-dns/ + version: 1.13.0 +- name: flux + repository: https://charts.fluxcd.io + version: 1.13.3 +- containers: + controller.admissionWebhooks.patch.image: + name: + image: ingress-nginx/kube-webhook-certgen + registry: + registry: registry.k8s.io + ver: + tag: v1.3.0 + controller.image: + name: + image: ingress-nginx/controller + registry: + registry: registry.k8s.io + ver: + tag: v1.8.1 + defaultBackend.image: + name: + image: defaultbackend-amd64 + registry: + registry: registry.k8s.io + ver: + tag: '1.5' + name: ingress-nginx + repository: https://kubernetes.github.io/ingress-nginx + version: 4.7.1 +- chart: ingress-nginx + containers: + controller.admissionWebhooks.patch.image: + name: + image: ingress-nginx/kube-webhook-certgen + registry: + registry: registry.k8s.io + ver: + tag: v1.3.0 + controller.image: + name: + image: ingress-nginx/controller + registry: + registry: registry.k8s.io + ver: + tag: v1.8.1 + defaultBackend.image: + name: + image: defaultbackend-amd64 + registry: + registry: registry.k8s.io + ver: + tag: '1.5' + name: ingress-nginx-internal + repository: https://kubernetes.github.io/ingress-nginx + version: 4.7.1 +- name: istio-operator + repository: https://clusterfrak-dynamics.github.io/istio/ + version: 1.7.0 +- name: k8gb + repository: https://www.k8gb.io + version: v0.11.2 +- name: karma + repository: https://charts.helm.sh/stable + version: 1.7.2 +- name: keda + repository: https://kedacore.github.io/charts + version: 2.11.2 +- name: keycloak + repository: https://codecentric.github.io/helm-charts + version: 18.4.3 +- name: kong + repository: https://charts.konghq.com + version: 2.26.2 +- containers: + alertmanager.alertmanagerSpec.image: + name: + repository: prometheus/alertmanager + registry: + registry: quay.io + ver: + tag: v0.25.0 + grafana.downloadDashboardsImage: + name: + repository: docker.io/curlimages/curl + source: docker.io + ver: + tag: 8.2.0 + grafana.image: + name: + repository: docker.io/grafana/grafana + source: docker.io/grafana + ver: + tag: 10.0.2 + grafana.imageRenderer.image: + name: + repository: docker.io/grafana/grafana-image-renderer + source: docker.io/grafana + grafana.initChownData.image: + name: + repository: docker.io/busybox + source: docker.io + ver: + tag: 1.31.1 + grafana.sidecar.image: + name: + repository: quay.io/kiwigrid/k8s-sidecar + source: quay.io + ver: + tag: 1.25.0 + kube-state-metrics.image: + name: + repository: kube-state-metrics/kube-state-metrics + registry: + registry: registry.k8s.io + ver: + tag: v2.9.2 + prometheus-node-exporter.image: + name: + repository: prometheus/node-exporter + registry: + registry: quay.io + ver: + tag: v1.6.1 + prometheus.prometheusSpec.image: + name: + repository: prometheus/prometheus + registry: + registry: quay.io + ver: + tag: v2.46.0-rc.0 + prometheusOperator.admissionWebhooks.patch.image: + name: + repository: ingress-nginx/kube-webhook-certgen + registry: + registry: k8s.gcr.io + ver: + tag: v1.3.0 + prometheusOperator.image: + name: + repository: prometheus-operator/prometheus-operator + registry: + registry: quay.io + ver: + tag: v0.66.0 + prometheusOperator.prometheusConfigReloader.image: + name: + repository: prometheus-operator/prometheus-config-reloader + registry: + registry: quay.io + ver: + tag: v0.66.0 + prometheusOperator.thanosImage: + name: + repository: thanos/thanos + registry: + registry: quay.io + ver: + tag: v0.31.0 + thanosRuler.thanosRulerSpec.image: + name: + repository: thanos/thanos + registry: + registry: quay.io + ver: + tag: v0.31.0 + name: kube-prometheus-stack + repository: https://prometheus-community.github.io/helm-charts + version: 48.2.0 +- name: kyverno + repository: https://kyverno.github.io/kyverno/ + version: 3.0.5 +- name: kyverno-crds + repository: https://kyverno.github.io/kyverno/ + version: v2.0.3 +- name: linkerd2 + repository: https://helm.linkerd.io/edge + version: 21.12.3 +- name: linkerd2-cni + repository: https://helm.linkerd.io/edge + version: 30.8.1 +- name: linkerd-viz + repository: https://helm.linkerd.io/edge + version: 21.12.4 +- name: loki-stack + repository: https://grafana.github.io/helm-charts + version: 2.9.10 +- containers: + loki.image: + name: + repository: docker.io/grafana/loki + source: docker.io/grafana + ver: + tag: 2.8.3 + nginx-unprivileged.image: + name: + repository: docker.io/nginxinc/nginx-unprivileged + source: docker.io/nginxinc + ver: + tag: 1.25.1 + name: loki + repository: https://grafana.github.io/helm-charts + version: 5.8.11 +- containers: + promtail.image: + name: + repository: docker.io/grafana/promtail + source: docker.io/grafana + ver: + tag: 2.8.3 + name: promtail + repository: https://grafana.github.io/helm-charts + version: 6.11.8 +- containers: + image: + name: + repository: k8s.gcr.io/metrics-server/metrics-server + source: k8s.gcr.io/metrics-server + ver: + tag: v0.6.3 + name: metrics-server + repository: https://kubernetes-sigs.github.io/metrics-server/ + version: 3.10.0 +- containers: + image: + name: + repository: k8s.gcr.io/node-problem-detector/node-problem-detector + source: k8s.gcr.io/node-problem-detector + ver: + tag: v0.8.13 + name: node-problem-detector + repository: https://charts.deliveryhero.io/ + version: 2.3.5 +- name: prometheus-adapter + repository: https://prometheus-community.github.io/helm-charts + version: 4.3.1 +- name: prometheus-cloudwatch-exporter + repository: https://prometheus-community.github.io/helm-charts + version: 0.25.1 +- name: prometheus-blackbox-exporter + repository: https://prometheus-community.github.io/helm-charts + version: 7.12.0 +- name: rabbitmq-cluster-operator + repository: https://charts.bitnami.com/bitnami + version: 3.6.5 +- name: scaleway-webhook + repository: https://particuleio.github.io/charts + version: v0.0.1 +- name: sealed-secrets + repository: https://bitnami-labs.github.io/sealed-secrets + version: 2.11.0 +- name: strimzi-kafka-operator + repository: https://strimzi.io/charts/ + version: 0.36.1 +- name: thanos + repository: https://charts.bitnami.com/bitnami + version: 12.11.0 +- containers: + calicoctl: + name: + image: docker.io/calico/ctl + source: docker.io + ver: + tag: v3.26.1 + tigeraOperator: + name: + image: tigera/operator + registry: + registry: quay.io + ver: + version: master + name: tigera-operator + repository: https://docs.projectcalico.org/charts + version: v3.26.1 +- name: traefik + repository: https://helm.traefik.io/traefik + version: 24.0.0 +- name: memcached + repository: https://charts.bitnami.com/bitnami + version: 6.5.7 +- name: vault + repository: https://helm.releases.hashicorp.com + version: 0.25.0 +- name: velero + repository: https://vmware-tanzu.github.io/helm-charts + version: 5.0.0 +- name: victoria-metrics-k8s-stack + repository: https://victoriametrics.github.io/helm-charts/ + version: 0.17.4 +- containers: + image: + name: + repository: ghcr.io/dexidp/dex + source: ghcr.io/dexidp + ver: + tag: v2.37.0 + name: dex + repository: https://charts.dexidp.io + version: 0.15.2 +- containers: + image: + name: + repository: mintel/dex-k8s-authenticator + source: mintel + ver: + tag: 1.4.0 + name: dex-k8s-authenticator + repository: https://charts.sagikazarmark.dev/ + version: 0.0.2 +- containers: + image: + name: + repository: kubernetesui/dashboard + source: kubernetesui + ver: + tag: v2.7.0 + metricsScraper.image: + name: + repository: kubernetesui/metrics-scraper + source: kubernetesui + ver: + tag: v1.0.9 + name: kubernetes-dashboard + repository: https://kubernetes.github.io/dashboard + version: 6.0.7 +- containers: + image: + name: + repository: quay.io/reactiveops/rbac-manager + source: quay.io/reactiveops + ver: + tag: v1.6.4 + name: rbac-manager + repository: https://charts.fairwinds.com/stable + version: 1.17.2 +- containers: + image: + name: + repository: ghcr.io/stakater/reloader + source: ghcr.io/stakater + ver: + tag: v1.0.38 + name: reloader + repository: https://stakater.github.io/stakater-charts + version: 1.0.38 +- containers: + setup-csi-snapshotter.csi-provisioner: + manager: kustomize + name: + repository: k8s.gcr.io/sig-storage/csi-provisioner + source: k8s.gcr.io/sig-storage + ver: + tag: v3.4.1 + setup-csi-snapshotter.csi-snapshotter: + manager: kustomize + name: + repository: gcr.io/k8s-staging-sig-storage/csi-snapshotter + source: gcr.io/k8s-staging-sig-storage + ver: + tag: v6.2.2 + setup-csi-snapshotter.hostpath: + manager: kustomize + name: + repository: k8s.gcr.io/sig-storage/hostpathplugin + source: k8s.gcr.io + ver: + tag: v1.11.0 + setup-snapshot-controller.snapshot-controller: + manager: kustomize + name: + repository: gcr.io/k8s-staging-sig-storage/snapshot-controller + source: gcr.io/k8s-staging-sig-storage + ver: + tag: v6.2.2 + manifests_version: v6.0.1 + name: csi-external-snapshotter +- name: vpa + repository: https://charts.fairwinds.com/stable + version: 2.5.1 + containers: + recommender.image: + name: + repository: registry.k8s.io/autoscaling/vpa-recommender + source: registry.k8s.io/autoscaling + ver: + tag: 0.14.0 + updater.image: + name: + repository: registry.k8s.io/autoscaling/vpa-updater + source: registry.k8s.io/autoscaling + ver: + tag: 0.14.0 + tests.image: + name: + repository: bitnami/kubectl + source: bitnami +- name: goldilocks + repository: https://charts.fairwinds.com/stable + version: 7.1.2 + containers: + image: + name: + repository: us-docker.pkg.dev/fairwinds-ops/oss/goldilocks + source: us-docker.pkg.dev/fairwinds-ops/oss + ver: + tag: v4.9.0 +name: Handle terraform-kubernetes-addons helm chart dependencies update +version: 1.0.0